Description
`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/497
Related Vulnerabilities
CVE-2018-20000 Vulnerability in maven package org.bedework:bw-webdav
CVE-2021-25941 Vulnerability in npm package deep-override
CVE-2018-1261 Vulnerability in maven package org.springframework.integration:spring-integration-zip
CVE-2019-25103 Vulnerability in npm package simple-markdown
CVE-2019-10317 Vulnerability in maven package org.jvnet.hudson.plugins:sitemonitor